EP4459925A1 - Method for pairing a content provider system and a receiving device, corresponding computer program product and devices - Google Patents

Info

Publication number
EP4459925A1
Authority
EP
European Patent Office
Prior art keywords
content provider
receiving device
key
unique identifier
hand
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
EP23171050.0A
Other languages
German (de)
English (en)
Inventor
Marco Macchetti
Didier Hunacek
Karine Villegas
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Nagravision SARL
Original Assignee
Nagravision SARL
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Nagravision SARL
Priority to EP23171050.0A
Priority to US18/651,810 (US20240372716A1)
Publication of EP4459925A1

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W12/00 Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/50 Secure pairing of devices
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08 Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0861 Generation of secret information including derivation or calculation of cryptographic keys or passwords
    • H04L9/0866 Generation of secret information including derivation or calculation of cryptographic keys or passwords involving user or device identifiers, e.g. serial number, physical or biometrical information, DNA, hand-signature or measurable physical characteristics
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/04 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H04L63/0442 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload wherein the sending and receiving network entities apply asymmetric encryption, i.e. different keys for encryption and decryption
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08 Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0861 Generation of secret information including derivation or calculation of cryptographic keys or passwords
    • H04L9/0869 Generation of secret information including derivation or calculation of cryptographic keys or passwords involving random numbers or seeds
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/30 Public key, i.e. encryption algorithm being computationally infeasible to invert or user's encryption keys not requiring secrecy
    • H04L9/3066 Public key, i.e. encryption algorithm being computationally infeasible to invert or user's encryption keys not requiring secrecy involving algebraic varieties, e.g. elliptic or hyper-elliptic curves
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/30 Public key, i.e. encryption algorithm being computationally infeasible to invert or user's encryption keys not requiring secrecy
    • H04L9/3066 Public key, i.e. encryption algorithm being computationally infeasible to invert or user's encryption keys not requiring secrecy involving algebraic varieties, e.g. elliptic or hyper-elliptic curves
    • H04L9/3073 Public key, i.e. encryption algorithm being computationally infeasible to invert or user's encryption keys not requiring secrecy involving algebraic varieties, e.g. elliptic or hyper-elliptic curves involving pairings, e.g. identity based encryption [IBE], bilinear mappings or bilinear pairings, e.g. Weil or Tate pairing
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W12/00 Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/04 Key management, e.g. using generic bootstrapping architecture [GBA]
    • H04W12/041 Key generation or derivation

Definitions

  • The field of the disclosure is that of securing the delivery of content to a receiving device.
  • The disclosure relates to a method for pairing a content provider system and a receiving device intended to receive content data from the content provider system in order to secure the delivery of the content.
  • The disclosure can be of interest in any field wherein such securing of the delivery of content occurs. This is the case for instance in the field of pay-TV or, more generally, in the field of the delivery of conditional access data.
  • Operators are currently in charge of distributing conditional access content or protected content made available to users by means of receiving devices able to handle multimedia contents.
  • Each user can have several receiving devices such as smartphones, tablets, laptops or TV receiving devices for example.
  • The explosion in the number of receiving devices poses a number of problems for the operators.
  • Each receiving device is dedicated to a given operator. This is known as a vertical market.
  • A receiving device is specifically personalized for this operator or paired with this operator and contains cryptographic means (algorithms, keys) specific to this operator.
  • CAS: Conditional Access Systems
  • The CAS supplier has electronic modules produced which could be associated with one operator among a plurality of operators. As the operator with which a specific electronic module will finally be associated is not known at the time the electronic module is personalized, the CAS supplier personalizes the modules with data which are specific to them and totally independent of the operators.
  • The pairing of the receiving device with the operator can be made in two different ways: either at the production of the multimedia unit, or during its initialization by the final user.
  • Each receiving device will be associated with a specific operator so that it will be able to process only information coming from this operator.
  • The manufacturer of receiving devices has to personalize each receiving device according to the intended operator. In other words, the receiving device and the operator have to be paired.
  • The supplier of the CAS has to deliver data specific to the operator, in particular unique and global keys of this operator, for all the receiving devices intended for the operator concerned, in order to allow the operator to subsequently send data and content to these receiving devices in a secure way.
  • an autonomous unit such as a security hardware module known under the name Hardware Security Module (HSM), which can produce the data on the fly.
  • The operator is the one carrying out the personalization of the multimedia units through its transmission system.
  • The operator has to know the secret data which allows the personalization of the multimedia units in the same way as the manufacturer of multimedia units in the previous case.
  • The supplier has to deliver to the operator a huge quantity of data, as it used to with the manufacturer of the multimedia units.
  • A particular aspect of the present disclosure relates to a method for pairing a content provider system and a receiving device intended to receive content data from the content provider system through a first communications network.
  • An authority server is communicatively connected to the receiving device and to the content provider system through a second communications network.
  • A cryptographic function and a receiving device unique identifier are populated in the receiving device. According to such method, the receiving device executes:
  • The present disclosure proposes a new and inventive solution for reducing the quantity of data to be transmitted during the personalization of a receiving device (e.g. a multimedia unit such as a smart-TV, a smartphone, a tablet, etc.) to be paired with a content provider system (e.g. belonging to an operator such as a pay-tv operator).
  • The proposed solution relies on the simple exchange of identifiers between the receiving device and the content provider system to be paired with, allowing the generation of a secret key known only by the receiving device and the content provider system.
  • This avoids the delivery of huge key packages by the key authority (e.g. in the meaning of the identity-based encryption (IBE) standard) to both the manufacturer of the receiving device and the entity managing the content provider system.
  • The same secret key can be computed by both the content provider system and the receiving device based on the simple exchange of identifiers between the receiving device and the content provider system to be paired with.
  • Obtaining a first key comprises receiving the first key from the authority server.
  • A public key known by the authority server is populated in the receiving device.
  • Obtaining a first key comprises:
  • The type of data delivered by the key authority during the manufacturing of the receiving device is further reduced as only generic parameters have to be populated in the receiving device (i.e. the cryptographic function, the public key and the receiving device unique identifier). It is only on demand, when the receiving device effectively needs to be paired (e.g. in an on-field application), that the partial key is provided to the receiving device for allowing the receiving device to compute its first key, i.e. its own secret key.
  • The predefined function is e.g. a key derivation function or a hash function.
  • The third function implements the elliptic curve scalar point multiplication between said difference and the output of the cryptographic function applied to the receiving device unique identifier.
  • A cryptographic function and a content provider unique identifier being populated in the content provider system, the content provider system executes:
  • The content provider system executes, before receiving the second key from the authority server: sending, to the authority server, the content provider unique identifier.
  • The first function implements the elliptic curve scalar point multiplication between said arguments, the output of the cryptographic function being a point on the elliptic curve.
  • The second function implements the bilinear pairing between the operands.
  • The cryptographic function is a hash function.
  • The first communications network is a bidirectional communications network.
  • The first communications network implements an internet protocol.
  • The first communications network and the second communications network are a same network.
  • Receiving the receiving device unique identifier or the content provider unique identifier comprises receiving it through a secured communication channel.
  • Another aspect of the present disclosure relates to a computer program product comprising program code instructions for implementing the above-mentioned method for pairing a content provider system and a receiving device (in any of the different embodiments discussed above), when the program is executed on a computer or a processor.
  • Another aspect of the present disclosure relates to an electronic device configured for implementing all or part of the steps of the above-mentioned method for pairing a content provider system and a receiving device as executed by said receiving device (in any of the different embodiments discussed above).
  • the features and advantages of this device are the same as those of the corresponding steps of said method. Therefore, they are not detailed any further.
  • Another aspect of the present disclosure relates to an electronic device configured for implementing all or part of the steps of the above-mentioned method for pairing a content provider system and a receiving device as executed by said content provider system (in any of the different embodiments discussed above).
  • the features and advantages of this device are the same as those of the corresponding steps of said method. Therefore, they are not detailed any further.
  • With reference to FIG. 1, we describe a receiving device 110 in communication with a content provider system 120 and with an authority server 100 according to one embodiment of the present disclosure.
  • The receiving device 110 takes the form of a smart-TV.
  • The receiving device 110 is another type of multimedia receiving device, e.g. a smart-TV, a smartphone, a tablet, etc.
  • The receiving device 110 receives content data (e.g. a multimedia content) from the content provider system 120 through a first communications network 150.
  • The first communications network 150 is a cellular network comprising a base station 150bs, e.g. a 3rd Generation Partnership Project (3GPP) 3G, 4G, 5G, etc. network.
  • Such cellular network is a bi-directional network allowing the receiving device 110 and the content provider system 120 to exchange their respective unique identifiers as detailed below in relation with Figures 2, 2a and 2b.
  • The first communications network 150 is another type of bi-directional network, e.g. a wired network. It can be e.g. a communications network implementing an internet protocol.
  • This does not prevent the receiving device 110 and the content provider system 120 from also being connected through another communications network, e.g. a broadcast (or unidirectional) network through which the content provider system 120 sends the content data itself to the receiving device 110.
  • The content data is e.g. a conditional-access content that requires the receiving device 110 and the content provider system 120 to be paired, e.g. through the population of cryptographic means (algorithms, keys) specific to the content provider in the receiving device 110.
  • the authority server 100 e.g. in the meaning of the identity-based encryption (IBE) standard
  • The second communications network 160 is e.g. a bi-directional network allowing the authority server 100, the receiving device 110 and the content provider system 120 to exchange data as detailed below in relation with Figures 2, 2a and 2b.
  • It can be e.g. a communications network implementing an internet protocol.
  • The first communications network 150 and the second communications network 160 are a same network.
  • The authority server 100 comprises a device 100d implementing means configured for executing all or part of the corresponding steps of the method for pairing discussed below in relation with Figures 2, 2a and 2b.
  • The means implemented in the device 100d are further discussed below in relation with Figure 3.
  • The receiving device 110 comprises a device 110d implementing means configured for executing all or part of the corresponding steps of the method for pairing discussed below in relation with Figures 2, 2a and 2b.
  • The means implemented in the device 110d are further discussed below in relation with Figure 4.
  • The content provider system 120 comprises a device 120d implementing means configured for executing all or part of the corresponding steps of the method for pairing discussed below in relation with Figures 2, 2a and 2b.
  • The means implemented in the device 120d are further discussed below in relation with Figure 4.
  • In a step S200, an initial set-up is performed. More particularly, the step S200 comprises:
  • In a step S210, an assets provisioning is performed. More particularly, the step S210 comprises:
  • The step S212 comprises a step S2121 wherein the authority server 100 computes the first key $KU_j^u$.
  • The step S212 further comprises a step S2122 wherein the authority server 100 sends the first key $KU_j^u$ to the receiving device 110.
  • The receiving device 110 receives the first key $KU_j^u$ sent by the authority server 100.
  • The computing load is reduced for the receiving device 110.
  • The step S213 comprises a step S2132 wherein the authority server 100 computes the second key $KO_i^u$.
  • The step S213 further comprises a step S2133 wherein the authority server 100 sends the second key $KO_i^u$ to the content provider system 120.
  • The content provider system 120 receives the second key $KO_i^u$ sent by the authority server 100.
  • In a step S220, a binding of the receiving device 110 to the content provider system 120 is performed. More particularly, during step S220, the content provider system 120 sends, to the receiving device 110, the content provider unique identifier $ID_{operator}$. Conversely, during step S220 the receiving device 110 receives, from the content provider system 120, the content provider unique identifier $ID_{operator}$. In the same way, during step S220, the receiving device 110 sends, to the content provider system 120, the receiving device unique identifier $ID_{device}$. Conversely, during step S220 the content provider system 120 receives, from the receiving device 110, the receiving device unique identifier $ID_{device}$. For instance, the device unique identifier $ID_{device}$ and the content provider unique identifier $ID_{operator}$ are sent, resp. received, through a secured communication channel established e.g. through the first communications network 150 or through the second communications network 160.
  • In a step S230, a secret key $K_{ij}^u$ shared between the receiving device 110 and the content provider system 120 is computed. More particularly, the step S230 comprises:
  • The same secret key $K_{ij}^u$ is computed independently by the receiving device 110 and the content provider system 120. This allows the generation of a same secret key $K_{ij}^u$ known only by the receiving device 110 and the content provider system 120.
  • The proposed solution thus relies on the simple exchange of identifiers $ID_{device}$, $ID_{operator}$ between the receiving device 110 and the content provider system 120 to be paired with. This avoids the delivery of huge key packages by the key authority (e.g. in the meaning of the IBE standard) to both the manufacturer of the receiving device 110 and the entity managing the content provider system 120. Furthermore, with the proposed scheme, there is no need for the entity managing the content provider system 120 to provide secret data to the receiving devices 110, the same content provider unique identifier $ID_{operator}$ being provided to the different receiving devices 110 to be paired with it.
  • We now describe an alternative embodiment for the step S213 of the method for pairing the content provider system 120 and the receiving device 110.
  • The step S213 according to the present embodiment can be combined with the other steps of the method for pairing the content provider system 120 and the receiving device 110 described above in relation with Figure 2 (in any of the embodiments described above in relation with Figure 2).
  • The step S213 comprises the same steps S2132 and S2133 as described above in relation with Figure 2 (in any of the embodiments described above in relation with Figure 2).
  • The content provider system 120 sends, to the authority server 100, the content provider unique identifier $ID_{operator}$.
  • The authority server 100 receives, from the content provider system 120, the content provider unique identifier $ID_{operator}$.
  • Such embodiment can be of interest in case the content provider unique identifier $ID_{operator}$ was not provided by the authority server 100 during the step S203 described above in relation with Figure 2. Indeed, in such case the authority server 100 does not have the knowledge of the content provider unique identifier $ID_{operator}$, e.g. when such content provider unique identifier $ID_{operator}$ has been generated by the content provider itself. Thus, following the execution of the step S2131, the authority server 100 has the knowledge of the content provider unique identifier $ID_{operator}$ and can thus execute the steps S2132 and S2133.
  • The step S200 and the step S212 of the method for pairing the content provider system 120 and the receiving device 110 can be combined with the other steps of the method for pairing the content provider system 120 and the receiving device 110 described above in relation with Figures 2 and 2a (in any of the embodiments described above in relation with Figures 2 and 2a).
  • The step S200 comprises the same steps S201, S202 and S203 as described above in relation with Figure 2 (in any of the embodiments described above in relation with Figure 2).
  • The step S200 further comprises a step S204 wherein a public key $NPub_G$ owned by the authority server 100 is generated and populated in the authority server 100.
  • The private key corresponding to the public key $NPub_G$ is generated and kept secret in the authority server 100.
  • In a step S205, the public key $NPub_G$ provided by the authority server 100 is populated in the receiving device 110. For instance, such populating is performed during the manufacturing phase of the receiving device 110, e.g. according to the mechanism discussed above in the "Technological background" section. Alternatively, such populating is performed through the sending of the respective data, e.g. through a secure channel established e.g. through the second communications network 160.
  • The step S212 comprises:
  • The type of data delivered by the key authority during the manufacturing of the receiving device 110 is further reduced as only generic parameters have to be populated in the receiving device 110 (i.e. the cryptographic function $H_{custom}$, the public key $NPub_G$ and the receiving device unique identifier $ID_{device}$). It is only on demand, when the receiving device 110 effectively needs to be paired (e.g. in an on-field application), that the partial key KU ⁇ j u is provided to the receiving device 110 for allowing the receiving device 110 to compute its first key $KU_j^u$.
  • The predefined function KDF is e.g. a key derivation function or a hash function.
  • The third function implements the elliptic curve scalar point multiplication between:
  • The device 100d comprises:
  • The non-volatile memory 303 is a non-transitory computer-readable carrier medium. It stores executable program code instructions, which are executed by the processor 302 in order to enable implementation of some steps of the method described above (method for pairing the content provider system 120 and the receiving device 110) in the various embodiments disclosed above in relation with Figures 2, 2a and 2b.
  • The aforementioned program code instructions are transferred from the non-volatile memory 303 to the volatile memory 301 so as to be executed by the processor 302.
  • The volatile memory 301 likewise includes registers for storing the variables and parameters required for this execution.
  • The disclosure is not limited to a purely software-based implementation, in the form of computer program instructions; it may also be implemented in hardware form or any form combining a hardware portion and a software portion.
  • The device 110d comprises:
  • The non-volatile memory 403 is a non-transitory computer-readable carrier medium. It stores executable program code instructions, which are executed by the processor 402 in order to enable implementation of some steps of the method described above (method for pairing the content provider system 120 and the receiving device 110) in the various embodiments disclosed above in relation with Figures 2, 2a and 2b.
  • The aforementioned program code instructions are transferred from the non-volatile memory 403 to the volatile memory 401 so as to be executed by the processor 402.
  • The volatile memory 401 likewise includes registers for storing the variables and parameters required for this execution.
  • The steps of the method for pairing the content provider system 120 and the receiving device 110 as executed by the receiving device 110 may be implemented equally well:
  • The disclosure is not limited to a purely software-based implementation, in the form of computer program instructions; it may also be implemented in hardware form or any form combining a hardware portion and a software portion.
  • The device 120d comprises:
  • The non-volatile memory 503 is a non-transitory computer-readable carrier medium. It stores executable program code instructions, which are executed by the processor 502 in order to enable implementation of some steps of the method described above (method for pairing the content provider system 120 and the receiving device 110) in the various embodiments disclosed above in relation with Figures 2, 2a and 2b.
  • The aforementioned program code instructions are transferred from the non-volatile memory 503 to the volatile memory 501 so as to be executed by the processor 502.
  • The volatile memory 501 likewise includes registers for storing the variables and parameters required for this execution.
  • The disclosure is not limited to a purely software-based implementation, in the form of computer program instructions; it may also be implemented in hardware form or any form combining a hardware portion and a software portion.
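
An added sketch of the flow described above for steps S210 to S230 (provisioning of the first and second keys, exchange of identifiers, independent computation of the shared key). It is not code from the patent: the master secret, the function and class names and the sample identifiers are assumptions, and the bilinear pairing is replaced by a toy bilinear map over integers modulo a prime, which keeps the algebra but offers no security.

```python
import hashlib
import secrets

# Toy bilinear setting (NOT secure, constructed for illustration): the "curve
# group" is the integers modulo the prime Q under addition, so scalar point
# multiplication is s*P mod Q and the stand-in pairing is e(A, B) = A*B mod Q.
# It obeys the identity a real pairing provides, e(s*A, B) == e(A, s*B), but
# discrete logarithms in this group are trivial to compute.
Q = 2**255 - 19


def h_custom(identifier: str) -> int:
    """Cryptographic function: hash an identifier to a non-zero group element."""
    digest = hashlib.sha256(identifier.encode("utf-8")).digest()
    return int.from_bytes(digest, "big") % (Q - 1) + 1


def scalar_mult(scalar: int, point: int) -> int:
    """First function: scalar multiplication of a group element."""
    return (scalar * point) % Q


def pairing(a: int, b: int) -> int:
    """Second function: bilinear map of two group elements (toy stand-in)."""
    return (a * b) % Q


class AuthorityServer:
    """Holds a master secret (assumed) and issues identity-bound keys."""

    def __init__(self) -> None:
        self._master_secret = secrets.randbelow(Q - 1) + 1

    def issue_key(self, identifier: str) -> int:
        # Same computation for the first key (device) and second key (operator).
        return scalar_mult(self._master_secret, h_custom(identifier))


def shared_secret(own_key: int, peer_identifier: str) -> bytes:
    """Pair the locally held key with the hash of the peer's identifier."""
    k = pairing(own_key, h_custom(peer_identifier))
    return hashlib.sha256(k.to_bytes(32, "big")).digest()


def run_pairing(authority, id_device, id_operator, announced_id=None):
    """Return (key computed by the device, key computed by the operator).

    announced_id is the identifier the device sends during binding; it
    defaults to the identifier its first key was actually issued for.
    """
    # Provisioning (S210): each party obtains its own key from the authority.
    first_key = authority.issue_key(id_device)
    second_key = authority.issue_key(id_operator)
    # Binding (S220): only identifiers are exchanged, never key material.
    id_seen_by_operator = id_device if announced_id is None else announced_id
    # Key computation (S230): performed independently on each side.
    k_device = shared_secret(first_key, id_operator)
    k_operator = shared_secret(second_key, id_seen_by_operator)
    return k_device, k_operator


if __name__ == "__main__":
    authority = AuthorityServer()
    # Constructed sample identifiers.
    k_dev, k_op = run_pairing(authority, "device-0001", "operator-A")
    print("honest pairing, keys match:", k_dev == k_op)
    k_dev, k_op = run_pairing(authority, "device-0002", "operator-A",
                              announced_id="device-0001")
    print("device announcing another identifier, keys match:", k_dev == k_op)
```

A device that announces an identifier other than the one its key was issued for ends up with a key the operator does not share, which is what binds the shared key to the exchanged identifiers.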

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Signal Processing (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Theoretical Computer Science (AREA)
  • Computing Systems (AREA)
  • Mathematical Optimization (AREA)
  • Mathematical Physics (AREA)
  • Pure & Applied Mathematics (AREA)
  • Physics & Mathematics (AREA)
  • Mathematical Analysis (AREA)
  • General Physics & Mathematics (AREA)
  • Algebra (AREA)
  • Computer Hardware Design (AREA)
  • General Engineering & Computer Science (AREA)
  • Mobile Radio Communication Systems (AREA)
EP23171050.0A 2023-05-02 2023-05-02 Method for pairing a content provider system and a receiving device, corresponding computer program product and devices Pending EP4459925A1 (fr)

Priority Applications (2)

Application Number Priority Date Filing Date Title
EP23171050.0A EP4459925A1 (fr) 2023-05-02 2023-05-02 Method for pairing a content provider system and a receiving device, corresponding computer program product and devices
US18/651,810 US20240372716A1 (en) 2023-05-02 2024-05-01 Method for pairing a content provider system and a receiving device, corresponding computer program product and devices

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
EP23171050.0A EP4459925A1 (fr) 2023-05-02 2023-05-02 Method for pairing a content provider system and a receiving device, corresponding computer program product and devices

Publications (1)

Publication Number Publication Date
EP4459925A1 (fr) 2024-11-06

Family

ID=86330830

Family Applications (1)

Application Number Title Priority Date Filing Date
EP23171050.0A Pending EP4459925A1 (fr) 2023-05-02 2023-05-02 Method for pairing a content provider system and a receiving device, corresponding computer program product and devices

Country Status (2)

Country Link
US (1) US20240372716A1 (fr)
EP (1) EP4459925A1 (fr)

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20080148047A1 (en) * 2002-11-14 2008-06-19 Guido Appenzeller Identity-based encryption system
US8108678B1 (en) * 2003-02-10 2012-01-31 Voltage Security, Inc. Identity-based signcryption system
US20130198524A1 (en) * 2012-01-30 2013-08-01 Helen Y. Balinsky Object with identity based encryption
EP1673890B1 (fr) * 2003-10-17 2013-08-21 Voltage Security, Inc. Identity-based encryption system with district policy information

Family Cites Families (8)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20120063597A1 (en) * 2010-09-15 2012-03-15 Uponus Technologies, Llc. Apparatus and associated methodology for managing content control keys
KR102124413B1 (ko) * 2013-12-30 2020-06-19 Samsung SDS Co., Ltd. ID-based key management system and method
GB201509499D0 (en) * 2015-06-02 2015-07-15 Certivox Ltd Zkd
CN107317674B (zh) * 2016-04-27 2021-08-31 Huawei Technologies Co., Ltd. Key distribution and authentication method, device and system
CN108347417B (zh) * 2017-01-24 2020-08-07 Huawei Technologies Co., Ltd. Network authentication method, user equipment, network authentication node and system
SG10201701044SA (en) * 2017-02-09 2018-09-27 Huawei Int Pte Ltd System and method for computing private keys for self certified identity based signature schemes
CN110035033B (zh) * 2018-01-11 2022-11-25 Huawei Technologies Co., Ltd. Key distribution method, device and system
US10506426B1 (en) * 2019-07-19 2019-12-10 Capital One Services, Llc Techniques for call authentication

Patent Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20080148047A1 (en) * 2002-11-14 2008-06-19 Guido Appenzeller Identity-based encryption system
US8108678B1 (en) * 2003-02-10 2012-01-31 Voltage Security, Inc. Identity-based signcryption system
EP1673890B1 (fr) * 2003-10-17 2013-08-21 Voltage Security, Inc. Identity-based encryption system with district policy information
US20130198524A1 (en) * 2012-01-30 2013-08-01 Helen Y. Balinsky Object with identity based encryption

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
ANIKET KATE ET AL: "Pairing-Based Onion Routing with Improved Forward Secrecy", IACR, INTERNATIONAL ASSOCIATION FOR CRYPTOLOGIC RESEARCH, vol. 20080227:044428, 20 February 2008 (2008-02-20), pages 1 - 26, XP061003181 *

Also Published As

Publication number Publication date
US20240372716A1 (en) 2024-11-07

Similar Documents

Publication Publication Date Title
EP3507732B1 (fr) Blockchain digital rights management
EP3391620B1 (fr) Systems and methods for secure multi-party communications using a proxy
EP3577848B1 (fr) Online certificate issuance based on an origin certificate
CN104094267B (zh) Method, device and system for securely sharing media content from a source device
US9177112B2 (en) Method and device for communicating digital content
CN111371790B (zh) Consortium-blockchain-based data encryption and sending method, related method, device and system
CN110335043B (zh) Transaction privacy protection method, device and system based on a blockchain system
CN112714117B (zh) Service processing method, apparatus, device and system
EP1277300A1 (fr) System and method for controlling and enforcing access rights to encrypted media
CN114465803B (zh) Object authorization method, device, system and storage medium
KR101668033B1 (ko) Improved technique for implementing robust and secure content protection in a system-on-chip device
CN104221023A (zh) Digital rights management
EP3369206A1 (fr) Secure provisioning, by a client device, of cryptographic keys for using services provided by an operator
CN111901287B (zh) Method, apparatus and smart device for providing encrypted information to a light application
US9473471B2 (en) Method, apparatus and system for performing proxy transformation
JP2023527709A (ja) Use of multi-party computation and k-anonymity techniques to protect confidential information
CN112822177A (zh) Data transmission method, apparatus, device and storage medium
US10841288B2 (en) Cloud key management for AFU security
CN111181944B (zh) Communication system and information publishing method, apparatus, medium and device
US11831407B1 (en) Non-custodial techniques for data encryption and decryption
EP4459925A1 (fr) Method for pairing a content provider system and a receiving device, corresponding computer program product and devices
CN103546428A (zh) File processing method and device
US12047496B1 (en) Noncustodial techniques for granular encryption and decryption
US11477024B2 (en) Information processing apparatus and information processing method
KR20080007678A (ko) Apparatus and method for efficient encryption and decryption of DRM rights objects

Legal Events

Date Code Title Description
PUAI Public reference made under article 153(3) epc to a published international application that has entered the european phase

Free format text: ORIGINAL CODE: 0009012

STAA Information on the status of an ep patent application or granted ep patent

Free format text: STATUS: THE APPLICATION HAS BEEN PUBLISHED

AK Designated contracting states

Kind code of ref document: A1

Designated state(s): AL AT BE BG CH CY CZ DE DK EE ES FI FR GB GR HR HU IE IS IT LI LT LU LV MC ME MK MT NL NO PL PT RO RS SE SI SK SM TR

STAA Information on the status of an ep patent application or granted ep patent

Free format text: STATUS: REQUEST FOR EXAMINATION WAS MADE

17P Request for examination filed

Effective date: 20250414